Tuesday, June 21, 2011

The fever-pitch announcements of Apple and Google with their new cloud computing platforms has finally brought enterprise-level cloud computing services to the masses. Apple's iCloud for developers and its iOS5, as well as Google's ChromeOS are the latest cloud-based services that allow users to store all of their data, virtually on the Internet.

The advantages for ordinary users with the cloud services offered by Apple and Google, as well as Microsoft with its Windows Phone 7 operating system, can be measured by the convenience they give, particularly in storing important personal data such as contacts and financial information.

But with great benefits also come even greater risks. This is because data is no longer secured in physical and often disconnected devices but is made available to the web which could be a very enticing target for cybercriminals.

According to Costin G. Raiu, Kaspersky Lab Director for Global Research and Analysis Team, it could be risky to use services if basic security measures are practiced by users.

"Basically, we are talking about the same class of risks as ChromeOS – all your digital content might be available to anyone who knows your password. I believe it's completely reckless nowadays to provide such a service without two factor authentication, which makes it prone to basic data theft techniques," he said.

Raiu also believes it is reckless that companies such as Apple and Google would provide such industry-grade cloud services to the public without setting proper security functions to prevent intrustions. The recent hacking incident with the Sony PlayStation Network, which saw the theft of information from about 77 million users, is just one example of such an unsecured web service.

“Of course, even if security is indeed improved through multi-factor authentication methods, we are still faced with the issue that all the data is available on the cloud, in one place. Just as Sony recently learned, the cloud is not always impenetrable. On the contrary, its fundamental nature makes it an interesting target for cybercriminals, and no doubt it will continue to be a focus for them,” says Raiu.

Raui also warns that even if the cloud and the devices that allow for cloud-based services are protected to up 99.99 percent, the vulnerability at the network layer, the connection between devices, is still high especially if no security measures are implemented at this stage.

“From this point of view we may face a new growth of attacks when user information can be intercepted, faked, denied and distorted. Therefore, we might see new and more sophisticated attacks on the network layer side,” says Raiu.